January 31, 2023

Software Deployment Best Practices in the Azure Cloud

By Gilad David Maayan

What Is Cloud Deployment?

Cloud deployment is the process of deploying and managing applications, services, and infrastructure in a cloud computing environment. Cloud deployment provides scalability, reliability and accessibility over the internet, and it allows organizations to take advantage of the benefits of cloud computing, such as cost savings and improved flexibility.

Deploying software in a cloud environment involves several steps, including packaging the software, creating or provisioning the infrastructure, configuring and deploying the software, testing and monitoring, and scaling and updating. It’s important to familiarize yourself with the tools and services offered by the cloud provider you are using, and to have a plan in place for scaling and updating the software as needed.

What Is Azure App Service?

Azure App Service is a hosting service for HTTP-based web applications, mobile backends, and REST APIs. You can develop applications in your preferred language (.NET, .NET Core, Ruby, Java, Node.js, PHP, Python), and easily run and scale them in Linux and Windows-based environments. It is commonly used to migrate applications to the Azure cloud.

App Service adds the features of the Microsoft Azure cloud to your application—including security, autoscaling, load balancing, and auto-management. In addition, it provides DevOps capabilities like continuous deployment (powered by GitHub, Azure DevOps, and Docker Hub), package management, custom domains, staging/testing environments, and TLS/SSL certification.

Software Deployment Best Practices in Azure

Use Deployment Slots

Use deployment slots whenever possible when deploying new production versions. With the standard App Service plan tier or higher, you can deploy an application to the staging environment, see changes, and run smoke tests. When ready, you can switch the staging slots to production slots—swap the worker instances to eliminate downtime, by pre-warming a full production environment.

Continuously Deploy Code

If a project has branches designated for testing, staging, and QA, each branch must be deployed continuously to a staging slot. This makes it easy for stakeholders to evaluate and test deployed branches.

Do not enable continuous deployment for production slots. Instead, the production branch (usually the master branch) should be deployed into a non-production slot. When developers are ready to release the main branch, replace it with a production slot. Swapping to production instead of deploying to production avoids downtime and enables you to easily roll back changes (you simply swap back).

Microsoft Defender for Cloud and Azure Sentinel

Microsoft Defender for Cloud improves security visibility and control of Azure resources, including web applications, to help prevent, detect, and respond to threats. Microsoft Defender for Cloud helps detect threats that may go unnoticed.

Microsoft Sentinel is a cloud-native, scalable security solution that provides Security Information and Event Management (SIEM), as well as Security Orchestration, Automation and Response (SOAR). These solutions provide advanced threat intelligence and security analytics, including attack detection, proactive hunting, threat visibility, and threat response.

Microsoft Sentinel uses Azure-powered AI to power investigation and detection. Microsoft provides its threat intelligence data, and you can bring your own threat intelligence feeds.

Continuously Deploy Containers

For custom containers from a container registry like Docker, you can deploy the container images into staging slots and replace it with a production worker instance to avoid downtime.

For every branch deployed in the slot, you can set up automation to perform these tasks for each commit in the branch:

  • Create an image and tag it—tag images with git commit IDs, timestamps, or other identifying information as part of your build pipeline. Don’t use the default “latest” tag, otherwise deployed code will be more difficult to trace and debug.
  • Push the image—after building and tagging the image, the pipeline can push the image to a container registry. Next, the deployment slot will pull the image from the registry.
  • Ensure the deployment slot is updated with the image’s tag. Once you’ve updated this property, the application automatically restarts and pulls the new image.

Implement Local Caching

All content in Azure App Service is stored in Azure Storage and delivered as a persistent content share. However, some applications require a read-only, high-performance content storage space that can operate with high availability—these applications benefit from a local cache.

However, note that local caching is not recommended for content management sites like WordPress. Also, always use local caching with deployment slots to avoid downtime.

Leverage Azure DevOps

App Service includes a built-in feature to continuously deliver containers via a Deployment Center. In the Azure portal, go to your app, and under Deployments, select Deployment Center. Follow the instructions, selecting a container repository and a branch. This configures your DevOps build and enables the release pipeline to automate the building, tagging, and deployment of containers when developers push new commits to the branch of your choice.

Install a Web Application Firewall

Web applications are commonly targeted by attacks that exploit known vulnerabilities. Common attacks include SQL injection and cross-site scripting attacks. Completely preventing these attacks in your application code can be difficult, because many layers of an application topology might require rigorous maintenance, patching, and monitoring.

A centralized WAF helps simplify security management. Instead of protecting individual web applications, WAF solutions can also address security threats by patching known vulnerabilities from a central location. Azure Application Gateway WAF centrally protects web application traffic from common attacks and vulnerabilities.

Conclusion

Deploying software on Azure is a powerful and cost-effective way to build and run web applications, mobile app backends, and RESTful APIs.

By following best practices you can ensure the success and security of your deployment. These best practices can help you automate the deployment of your resources, ensure consistency across your environments, troubleshoot issues, monitor the performance of your deployment, protect your applications and data, safeguard and manage cryptographic keys and secrets, test your application in a staging environment and ensure that your deployment continues to function properly.

By Gilad David Maayan

Gilad David Maayan

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.
Rahul Subramanyam

Episode 18: Fixing AWS: The CloudFix Story 

Fixing AWS: The CloudFix Story A conversation with Rahul Subramanyam. CEO at CloudFix, and CTO [...]
Read more
Srini Kalapala

Driving Growth: Srini Kalapala Discusses Verizon’s Network APIs

Welcome to our interview with Srini Kalapala, Senior VP of Technology and Product Development at [...]
Read more
Bharti Patel

The Goldilocks Principle of Cloud Management: Striking the Ideal Balance

It’s not an all-or-nothing proposition: How to strike the right balance with cloud The pandemic [...]
Read more
Randy

Adapting to the Changing IT Landscape

The Rising Importance of Cloud Engineers The landscape of information technology and cloud computing is [...]
Read more
Stacey Farrar

Embracing Governance to Navigate 2024’s Tech Trends

Mastering Governance Strategies for Success The start of a new year is a fitting time [...]
Read more
Anastasios Arampatzis

Insider Threats: The Trojan Horses in Intellectual Property Theft

The Invisible Enemy In the rapidly evolving landscape of global business, intellectual property (IP) stands [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.